mailing list archives
GSoC Candidate Intro and Project Discussion
From: "Dautenhahn, Nathan Daniel" <dautenh1 () illinois edu>
Date: Sun, 27 Mar 2011 16:46:14 -0500
My name is Nathan Dautenhahn. I am a second year PhD student at the University of Illinois at Urbana-Champaign and am
interested in working with the Nmap project for GSoC 2011. With this message I would like to get to know some of the
devs, as well as outline my initial thoughts for the project.
I would like to participate in the enhancement of Nmap's IPv6 capabilities. As I'm a researcher, I'm inclined to tackle
more complex problems such as OS detection. I have previous experience in using statistical packet analysis to perform
classification of encrypted traffic.
At this point I still need to specify in greater detail my ideas and scope for the project, but figured it would be
good to start here to make sure that I'm getting the right feedback throughout the process. I will say I don't know how
current IPv4 host detection occurs, and assume that I should start there. The following lists an initial approach I
would take in order to develop host detection:
* Review IPv4 host recognition techniques and other literature on the subject
* Review IPv6 RFC Specification
* It seems as though host detection is very specific to the OS and other implementation specific issues, and as such
profiling the different systems seems like a good first step. I would manually review packet traces from each OS in
order to find any unique state produced by the system.
* Review other state output visible to the network. This task would be focused on exposing any unexpected state that
could be used for host detection.
* After manually analyzing these traces and other output from the hosts I would start to develop some type of
classification of different types of data we find valuable in performing host recognition.
* Would need to analyze and define what type of pattern/classification technique we will use.
* The next thing would be to build some type of initial prototype and see how it does.
* Then make modifications and recurse over testing and modification until the application performs as desired.
Like I said this is a very raw initial approach. Please provide any feedback to point the project in a direction that
would better serve Nmap.
I have a few questions:
* What is the potential for publication coming from this work? Would Nmap be okay if attempted this, and would there
be interest from Nmap to participate in this?
* Is this too advantageous of a project, or would I also need to add in some other work?
Additionally, the following link returns a 404 error: http://socghop.appspot.com/gsoc/org/home/google/gsoc2011/nmap
As well as: http://www.google-melange.com/gsoc/org/home/google/gsoc2011/nmap
These are the application and application template links.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- GSoC Candidate Intro and Project Discussion Dautenhahn, Nathan Daniel (Mar 27)